Post by: tmirelle on May 26, 2007, 12:17:00 PM
Apprciate someone to help me fix this.
thx
My hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 10:11:17 AM, on 26/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\outlook\outlook.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Documents and Settings\Tanya Main\Application Data\Verbatim Software\V-Key.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\eHome\EHTray.exe
C:\DOCUME~1\TANYAM~1\MYDOCU~1\DOBE~1\winlogon.exe
C:\Documents and Settings\Tanya Main\Application Data\a?sembly\winlogon.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tanya Main\My Documents\My Downloads\utilities\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR (http://\"http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR (http://\"http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677 (http://\"http://go.microsoft.com/fwlink/?linkid=677\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR (http://\"http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR\")
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\UTILIT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B5001D46-D9AE-DA7B-DD7F-88ADD3BF74E5} - C:\WINDOWS\system32\mjlpijb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Store 'n' Go] C:\Documents and Settings\Tanya Main\Application Data\Verbatim Software\V-Key.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rqwqqe] "C:\Documents and Settings\Tanya Main\Application Data\a?sembly\winlogon.exe"
O4 - HKCU\..\Run: [Scbu] "C:\DOCUME~1\TANYAM~1\MYDOCU~1\DOBE~1\winlogon.exe" -vt ndrv
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?8cfca51a4ed045639d7b6bc063b7d9c1
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?8cfca51a4ed045639d7b6bc063b7d9c1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {6EB2AA45-3F30-40e1-9864-45EB153C6EDC} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: (no name) - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Send to OneNote Settings - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB (http://\"https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB\")
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.0.cab (http://\"http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.0.cab\")
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab (http://\"https://support.microsoft.com/OAS/ActiveX/odc.cab\")
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab (http://\"http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab\")
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (http://\"http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1145485701574 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145485701574\")
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab (http://\"http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab\")
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Post by: guestolo on May 26, 2007, 12:23:51 PM
I do see problems in your log, should be no problem removing the bad guys
Can you do a couple steps for me first however
Navigate to Hijackthis.exe
My Documents\My Downloads\utilities\hijackthis.exe
Right Click on hijackthis.exe and rename it too tanya.exe
Do another fresh scan and save logfile with tanya.exe (hijackthis) and post a fresh log
ALSO
Download and unzip to your desktop InstalledPrograms.zip (http://\"http://www.billsway.com/vbspage/vbsfiles/InstalledPrograms.zip\")
Double click on InstalledPrograms.vbs
Click OK at the IP prompt and click YES to view the results now
A text file will open, can you copy and paste back here the whole contents
ALLOW this script to run if prompted by your AntiVirus
Post by: tmirelle on May 26, 2007, 01:10:42 PM
OK new hijack log
Logfile of HijackThis v1.99.1
Scan saved at 10:58:17 AM, on 26/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\outlook\outlook.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Documents and Settings\Tanya Main\Application Data\Verbatim Software\V-Key.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\eHome\EHTray.exe
C:\DOCUME~1\TANYAM~1\MYDOCU~1\DOBE~1\winlogon.exe
C:\Documents and Settings\Tanya Main\Application Data\a?sembly\winlogon.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\DOCUME~1\TANYAM~1\LOCALS~1\Temp\fsbwih.exe
C:\WINDOWS\TEMP\IHTEMP\program\inst\Setup.exe
C:\WINDOWS\TEMP\FsSetup0000001\FSSetup.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\Tanya Main\My Documents\My Downloads\utilities\tanya.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR (http://\"http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR (http://\"http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677 (http://\"http://go.microsoft.com/fwlink/?linkid=677\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR (http://\"http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR\")
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\UTILIT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B5001D46-D9AE-DA7B-DD7F-88ADD3BF74E5} - C:\WINDOWS\system32\mjlpijb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Store 'n' Go] C:\Documents and Settings\Tanya Main\Application Data\Verbatim Software\V-Key.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rqwqqe] "C:\Documents and Settings\Tanya Main\Application Data\a?sembly\winlogon.exe"
O4 - HKCU\..\Run: [Scbu] "C:\DOCUME~1\TANYAM~1\MYDOCU~1\DOBE~1\winlogon.exe" -vt ndrv
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = ?
O4 - Global Startup: Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?8cfca51a4ed045639d7b6bc063b7d9c1
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?8cfca51a4ed045639d7b6bc063b7d9c1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {6EB2AA45-3F30-40e1-9864-45EB153C6EDC} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: (no name) - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Send to OneNote Settings - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB (http://\"https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB\")
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.0.cab (http://\"http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.0.cab\")
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab (http://\"https://support.microsoft.com/OAS/ActiveX/odc.cab\")
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab (http://\"http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab\")
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (http://\"http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1145485701574 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145485701574\")
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab (http://\"http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab\")
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc. - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Other thing:
INSTALLED SOFTWARE (366) - TANYA-HOME - 26/05/2007 11:05:32 AM
1Click DVD Copy Pro 2.4.1.6 Installed: 25/05/2007
5 Card Slingo from HP Media Center (remove only)
7-Zip 4.42
Adobe Acrobat 7.0 Professional Ver: 7.0.0 Installed: 24/05/2007
Adobe Acrobat 7.0 Professional Ver: 7.0.0 Installed: 24/05/2007
Adobe Bridge 1.0 Ver: 001.000.004 Installed: 11/02/2007
Adobe Common File Installer Ver: 1.00.0000 Installed: 11/02/2007
Adobe Creative Suite 2
Adobe Flash Player 9 ActiveX Ver: 9
Adobe GoLive CS2 Ver: 8.0.1 Installed: 11/02/2007
Adobe Help Center 1.0 Ver: 001.000.000 Installed: 11/02/2007
Adobe Illustrator CS2 Ver: 12.000.000 Installed: 11/02/2007
Adobe InDesign CS2 Ver: 004.000.000 Installed: 11/02/2007
Adobe PageMaker Plug-in Pack Ver: 3.00.000
Adobe Photoshop CS2 Ver: 9.0 Installed: 11/02/2007
Adobe Stock Photos 1.0 Ver: 1.0.8 Installed: 16/02/2007
Adobe SVG Viewer 3.0 Ver: 3.0
Adobe Type Manager 4.1
Adobe Version Cue CS2 Ver: 2.0.1 Installed: 11/02/2007
Advanced Text2Gif 1.0
Agere Systems PCI-SV92PP Soft Modem
AiO_Scan_CDA Ver: 50.0.214.000 Installed: 04/03/2006
AiOSoftwareNPI Ver: 50.0.214.000 Installed: 04/03/2006
Apple Software Update Ver: 1.1.0.3 Installed: 24/05/2007
AstroPop Deluxe from HP Media Center (remove only)
Bejeweled 2 Deluxe from HP Media Center (remove only)
BitComet 0.70 Ver: 0.70
Blackhawk Striker 2 from HP Media Center (remove only)
Blasterball 2 from HP Media Center (remove only)
Blasterball 2 Remix from HP Media Center (remove only)
Boggle Supreme from HP Media Center (remove only)
Bookworm Deluxe from HP Media Center (remove only)
Bounce Symphony from HP Media Center (remove only)
BufferChm Ver: 53.0.13.000 Installed: 04/03/2006
Chuzzle Deluxe from HP Media Center (remove only)
CleanUp!
CodeStuff Starter Ver: 5.6.2.0
CorelDRAW Graphics Suite X3 Ver: 13.1 Installed: 11/02/2007
CP_AtenaShokunin1Config Ver: 53.0.13.000 Installed: 04/03/2006
CP_CalendarTemplates1 Ver: 53.0.13.000 Installed: 04/03/2006
cp_LightScribeConfig Ver: 53.0.24.000 Installed: 23/12/2005
cp_LightScribePlugin Ver: 53.0.24.000 Installed: 23/12/2005
CP_Package_Basic1 Ver: 53.0.13.000 Installed: 04/03/2006
CP_Package_Variety1 Ver: 53.0.13.000 Installed: 23/12/2005
CP_Package_Variety2 Ver: 53.0.13.000 Installed: 23/12/2005
CP_Package_Variety3 Ver: 53.0.13.000 Installed: 23/12/2005
CP_Panorama1Config Ver: 53.0.13.000 Installed: 04/03/2006
Crystal Maze from HP Media Center (remove only)
CueTour Ver: 53.0.13.000 Installed: 04/03/2006
Customer Experience Enhancement Ver: Customer Experience Enhancement -1.0.0.1680 Installed: 23/12/2005
Customer Experience Enhancement Ver: Customer Experience Enhancement -1.0.0.1680 Installed: 23/12/2005
CustomerResearchQFolder Ver: 1.00.0000 Installed: 04/03/2006
Destinations Ver: 53.0.13.000 Installed: 04/03/2006
DeviceFunctionQFolder Ver: 1.00.0000 Installed: 04/03/2006
DeviceManagementQFolder Ver: 1.00.0000 Installed: 04/03/2006
DivX 5.0.2 Bundle
DocProc Ver: 5.2.0.0 Installed: 04/03/2006
DocumentViewer Ver: 53.0.13.000 Installed: 04/03/2006
DocumentViewerQFolder Ver: 1.00.0000 Installed: 04/03/2006
Dr Watson for Microsoft Windows OneCare Live v1.1.1067.14 Ver: 1.1.1067.14 Installed: 07/01/2007
DVD Ripper Platinum 4 Ver: 4.0.75.0511
EN Ver: 13.1 Installed: 11/02/2007
eSupportQFolder Ver: 1.00.0000 Installed: 04/03/2006
FATE from HP Media Center (remove only)
Fax_CDA Ver: 50.0.214.000 Installed: 04/03/2006
FontNav Ver: 5.0 Installed: 11/02/2007
FullDPAppQFolder Ver: 1.00.0000 Installed: 04/03/2006
GdiplusUpgrade Ver: 1.00.01 Installed: 07/04/2006
GemMaster Mystic
High Definition Audio Driver Package - KB888111 Ver: 20040219.000000
HijackThis 1.99.1 Ver: 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399) Installed: 14/03/2007
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795) Ver: 3
Hotfix for Windows XP (KB891593) Ver: 2
Hotfix for Windows XP (KB895961) Ver: 1
Hotfix for Windows XP (KB896344) Ver: 2
Hotfix for Windows XP (KB899337) Ver: 5
Hotfix for Windows XP (KB899510) Ver: 1
Hotfix for Windows XP (KB902841) Ver: 1
Hotfix for Windows XP (KB912024) Ver: 2 Installed: 01/03/2006
Hotfix for Windows XP (KB914440) Ver: 12 Installed: 02/11/2006
Hotfix for Windows XP (KB915865) Ver: 10 Installed: 02/11/2006
Hotfix for Windows XP (KB926239) Ver: 2 Installed: 05/01/2007
Hotfix for Windows XP (KB928388) Ver: 1 Installed: 14/01/2007
Hotfix for Windows XP (KB935448) Ver: 1 Installed: 11/04/2007
HP Boot Optimizer Ver: 2.0.5.1
HP DigitalMedia Archive Ver: 1.2 Installed: 23/12/2005
HP Document Viewer 5.3 Ver: 5.3
HP Extended Capabilities 5.3 Ver: 5.3
HP Game Console and games
HP Image Zone 5.3 Ver: 5.3
HP Image Zone for Media Center PC
HP Imaging Device Functions 5.3 Ver: 5.3
HP Multimedia Keyboard Software
HP Photosmart Essential Ver: 1.12.0.46 Installed: 31/03/2007
HP PSC & OfficeJet 5.3.A
HP Software Update Ver: 3.0.5.001 Installed: 04/03/2006
HP Software Update Ver: 3.0.6.002 Installed: 23/12/2005
HP Solution Center & Imaging Support Tools 5.3 Ver: 5.3
HPProductAssistant Ver: 53.0.13.000 Installed: 04/03/2006
HpSdpAppCoreApp Ver: 3.00.0000 Installed: 23/12/2005
Insaniquarium Deluxe from HP Media Center (remove only)
InstantShareDevices Ver: 53.0.13.000 Installed: 04/03/2006
Intel Matrix Storage Manager
Intel® PRO Network Connections Drivers
Intel® Quick Resume Technology Drivers Ver: 1.0.0.1093 Installed: 18/03/2006
Intel® Quick Resume Technology Drivers Ver: 1.0.0.1093 Installed: 18/03/2006
Intel® Viiv™ Software Ver: 1.0.2.2015 Installed: 28/02/2006
InterVideo WinDVD Player
InterVideo WinDVD Player Ver: 5.0-B11.896
iTunes Ver: 7.1.1.5 Installed: 24/05/2007
J2SE Runtime Environment 5.0 Update 5 Ver: 1.5.0.50 Installed: 23/12/2005
J2SE Runtime Environment 5.0 Update 6 Ver: 1.5.0.60 Installed: 08/03/2006
Lemonade Tycoon 2 from HP Media Center (remove only)
Lexibox Deluxe from HP Media Center (remove only)
LightScribe 1.4.56.1 Ver: 1.4.56.1 Installed: 23/12/2005
Logitech Desktop Messenger Ver: 2.52.18
Logitech QuickCam Software Ver: 9.50.0000
Logitech® Camera Driver
Macromedia Dreamweaver 8 Ver: 8.0.0.2734 Installed: 11/02/2006
Macromedia Extension Manager Ver: 1.7.240 Installed: 11/02/2006
Macromedia Fireworks 8 Ver: 8.0.0.777 Installed: 11/02/2006
Macromedia Flash 8 Ver: 8.00.0000 Installed: 11/02/2006
Macromedia Flash 8 Video Encoder Ver: 1.00.0000 Installed: 11/02/2006
Macromedia Flash Player 8 Ver: 8.0.22.0 Installed: 11/02/2006
Macromedia Flash Player 8 Plugin Ver: 8.0.22.0 Installed: 11/02/2006
Macromedia FreeHand 10 Ver: 10
Magic ISO Maker v5.2 (build 0191)
Mah Jong Quest from HP Media Center (remove only)
MarketResearch Ver: 53.0.13.000 Installed: 04/03/2006
Media Center Karaoke Plug-in Ver: 1.0.1231 Installed: 18/03/2007
Microsoft .NET Framework 1.0 Hotfix (KB887998) Installed: 08/02/2006
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Ver: 1.1.4322 Installed: 16/03/2006
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Ver: 2.0.50727 Installed: 12/10/2006
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0 Ver: 3.0.04506.30 Installed: 17/02/2007
Microsoft Away Mode Ver: 6.0.0160.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP Ver: 1 Installed: 05/01/2007
Microsoft Internationalized Domain Names Mitigation APIs Installed: 02/11/2006
Microsoft National Language Support Downlevel APIs Installed: 02/11/2006
Microsoft Office Live Meeting 2005 Replay Wrapper Ver: 7.4.SR.2121.17 Installed: 09/02/2006
Microsoft Office Professional Edition 2003 Ver: 11.0.7969.0 Installed: 09/05/2007
Microsoft Outlook Personal Folders Backup Ver: 1.10.0.0 Installed: 09/02/2006
Microsoft Plus! for Windows XP Ver: 1.00.00.0536 Installed: 12/02/2006
Microsoft User-Mode Driver Framework Feature Pack 1.0 Installed: 05/01/2007
Microsoft Works Ver: 08.04.0623 Installed: 23/12/2005
MSXML 4.0 SP2 (KB925672) Ver: 4.20.9839.0 Installed: 14/10/2006
MSXML 4.0 SP2 (KB927978) Ver: 4.20.9841.0 Installed: 16/11/2006
MSXML 4.0 SP2 Parser and SDK Ver: 4.20.9818.0 Installed: 07/01/2007
MSXML 6.0 Parser (KB927977) Ver: 6.00.3890.0 Installed: 17/02/2007
muvee autoProducer 4.5 Ver: 4.50.050
muvee autoProducer unPlugged 1.2 Ver: 1.20.100
Nero 7 Ultra Edition Ver: 7.00.0177 Installed: 12/06/2006
Netscape Browser (remove only)
NewCopy_CDA Ver: 50.0.214.000 Installed: 04/03/2006
NVIDIA Drivers
oggcodecs 0.71.0946 Ver: 0.71.0946
Otto
Panda ActiveScan
PanoStandAlone Ver: 53.0.13.000 Installed: 04/03/2006
PC-Doctor 5 for Windows Ver: 5.00.3187.03
PDF Password Remover v2.5
PhotoGallery Ver: 53.0.13.000 Installed: 04/03/2006
Polar Bowler from HP Media Center (remove only)
Polar Golfer from HP Media Center (remove only)
PowerISO
ProductContextNPI Ver: 50.0.214.000 Installed: 04/03/2006
PS2
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3 Ver: 2.2.3
QuarkXPress 6.0 Ver: 6.00.0000 Installed: 20/05/2006
Quicken 2006 Ver: 15.1.1.29 Installed: 23/12/2005
Quicken 2006 Ver: Quicken 2006 Installed: 13/08/2006
QuickTime Ver: 7.1.6.200 Installed: 24/05/2007
RandMap Ver: 53.0.13.000 Installed: 04/03/2006
Readme Ver: 50.0.214.000 Installed: 04/03/2006
RealPlayer
Realtek High Definition Audio Driver Ver: 2.05 Installed: 08/04/2007
Remove Hidden Data Tool Ver: 11.0.6361.0 Installed: 09/02/2006
Remove IntelliMover Demo
Rhapsody Player Engine Ver: 1.0.636 Installed: 04/07/2006
Scan Ver: 5.2.0.0 Installed: 04/03/2006
ScannerCopy Ver: 5.2.0.0 Installed: 04/03/2006
SCRABBLE from HP Media Center (remove only)
SecondLife (remove only)
Security Update for CAPICOM (KB931906) Ver: 2.1.0.2
Security Update for CAPICOM (KB931906) Ver: 2.1.0.2 Installed: 09/05/2007
Security Update for Microsoft .NET Framework 2.0 (KB917283) Ver: 1
Security Update for Microsoft .NET Framework 2.0 (KB922770) Ver: 1
Security Update for Step By Step Interactive Training (KB898458) Ver: 20050502.101010 Installed: 08/02/2006
Security Update for Step By Step Interactive Training (KB923723) Ver: 20050502.101010 Installed: 16/02/2007
Security Update for Windows Internet Explorer 7 (KB928090) Ver: 20070117.120000 Installed: 16/02/2007
Security Update for Windows Internet Explorer 7 (KB929969) Ver: 20061222.120000 Installed: 10/01/2007
Security Update for Windows Internet Explorer 7 (KB931768) Ver: 1 Installed: 09/05/2007
Security Update for Windows Media Player 10 (KB911565) Installed: 15/02/2006
Security Update for Windows Media Player 10 (KB917734) Installed: 16/06/2006
Security Update for Windows Media Player 6.4 (KB925398) Installed: 13/12/2006
Security Update for Windows XP (KB890046) Ver: 1 Installed: 08/02/2006
Security Update for Windows XP (KB893756) Ver: 1 Installed: 08/02/2006
Security Update for Windows XP (KB896358) Ver: 1 Installed: 23/12/2005
Security Update for Windows XP (KB896422) Ver: 1 Installed: 23/12/2005
Security Update for Windows XP (KB896423) Ver: 1 Installed: 08/02/2006
Security Update for Windows XP (KB896424) Ver: 1 Installed: 08/02/2006
Security Update for Windows XP (KB896428) Ver: 1 Installed: 08/02/2006
Security Update for Windows XP (KB896688) Ver: 1 Installed: 23/12/2005
Security Update for Windows XP (KB899587) Ver: 1 Installed: 08/02/2006
Security Update for Windows XP (KB899589) Ver: 1 Installed: 08/02/2006
Security Update for Windows XP (KB899591) Ver: 1 Installed: 08/02/2006
Security Update for Windows XP (KB900725) Ver: 1 Installed: 08/02/2006
Security Update for Windows XP (KB901017) Ver: 1 Installed: 08/02/2006
Security Update for Windows XP (KB901214) Ver: 1 Installed: 23/12/2005
Security Update for Windows XP (KB902400) Ver: 1 Installed: 23/12/2005
Security Update for Windows XP (KB904706) Ver: 2 Installed: 09/02/2006
Security Update for Windows XP (KB905414) Ver: 1 Installed: 08/02/2006
Security Update for Windows XP (KB905749) Ver: 1 Installed: 08/02/2006
Security Update for Windows XP (KB905915) Ver: 1 Installed: 09/02/2006
Security Update for Windows XP (KB908519) Ver: 1 Installed: 09/02/2006
Security Update for Windows XP (KB908531) Ver: 1 Installed: 12/04/2006
Security Update for Windows XP (KB911280) Ver: 1 Installed: 16/06/2006
Security Update for Windows XP (KB911562) Ver: 1 Installed: 12/04/2006
Security Update for Windows XP (KB911567) Ver: 1 Installed: 12/04/2006
Security Update for Windows XP (KB911927) Ver: 1 Installed: 15/02/2006
Security Update for Windows XP (KB912812) Ver: 1 Installed: 12/04/2006
Security Update for Windows XP (KB912919) Ver: 1 Installed: 09/02/2006
Security Update for Windows XP (KB913446) Ver: 1 Installed: 15/02/2006
Security Update for Windows XP (KB913580) Ver: 1 Installed: 10/05/2006
Security Update for Windows XP (KB914388) Ver: 1 Installed: 12/07/2006
Security Update for Windows XP (KB914389) Ver: 1 Installed: 16/06/2006
Security Update for Windows XP (KB916281) Ver: 1 Installed: 16/06/2006
Security Update for Windows XP (KB917159) Ver: 1 Installed: 12/07/2006
Security Update for Windows XP (KB917344) Ver: 1 Installed: 16/06/2006
Security Update for Windows XP (KB917422) Ver: 1 Installed: 10/08/2006
Security Update for Windows XP (KB917953) Ver: 1 Installed: 16/06/2006
Security Update for Windows XP (KB918118) Ver: 1 Installed: 16/02/2007
Security Update for Windows XP (KB918439) Ver: 1 Installed: 16/06/2006
Security Update for Windows XP (KB918899) Ver: 1 Installed: 10/08/2006
Security Update for Windows XP (KB919007) Ver: 1 Installed: 13/09/2006
Security Update for Windows XP (KB920213) Ver: 1 Installed: 16/11/2006
Security Update for Windows XP (KB920214) Ver: 1 Installed: 10/08/2006
Security Update for Windows XP (KB920670) Ver: 1 Installed: 10/08/2006
Security Update for Windows XP (KB920683) Ver: 1 Installed: 10/08/2006
Security Update for Windows XP (KB920685) Ver: 1 Installed: 13/09/2006
Security Update for Windows XP (KB921398) Ver: 1 Installed: 10/08/2006
Security Update for Windows XP (KB921883) Ver: 1 Installed: 09/08/2006
Security Update for Windows XP (KB922616) Ver: 1 Installed: 10/08/2006
Security Update for Windows XP (KB922819) Ver: 1 Installed: 12/10/2006
Security Update for Windows XP (KB923191) Ver: 1 Installed: 12/10/2006
Security Update for Windows XP (KB923414) Ver: 1 Installed: 12/10/2006
Security Update for Windows XP (KB923689) Installed: 13/12/2006
Security Update for Windows XP (KB923694) Ver: 1 Installed: 13/12/2006
Security Update for Windows XP (KB923980) Ver: 1 Installed: 16/11/2006
Security Update for Windows XP (KB924191) Ver: 1 Installed: 12/10/2006
Security Update for Windows XP (KB924270) Ver: 1 Installed: 16/11/2006
Security Update for Windows XP (KB924496) Ver: 1 Installed: 12/10/2006
Security Update for Windows XP (KB924667) Ver: 1 Installed: 16/02/2007
Security Update for Windows XP (KB925486) Ver: 1 Installed: 27/09/2006
Security Update for Windows XP (KB925902) Ver: 1 Installed: 04/04/2007
Security Update for Windows XP (KB926255) Ver: 1 Installed: 13/12/2006
Security Update for Windows XP (KB926436) Ver: 1 Installed: 16/02/2007
Security Update for Windows XP (KB927779) Ver: 1 Installed: 16/02/2007
Security Update for Windows XP (KB927802) Ver: 1 Installed: 16/02/2007
Security Update for Windows XP (KB928255) Ver: 1 Installed: 16/02/2007
Security Update for Windows XP (KB928843) Ver: 1 Installed: 16/02/2007
Security Update for Windows XP (KB930178) Ver: 1 Installed: 11/04/2007
Security Update for Windows XP (KB931261) Ver: 1 Installed: 11/04/2007
Security Update for Windows XP (KB931784) Ver: 1 Installed: 11/04/2007
Security Update for Windows XP (KB932168) Ver: 1 Installed: 11/04/2007
Send to OneNote from IE Powertoy Ver: 1.0.2 Installed: 09/02/2006
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002) Ver: 1.0.0 Installed: 24/05/2007
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) Ver: 1.0.0 Installed: 24/05/2007
Shaw Secure
Shooting Stars Pool from HP Media Center (remove only)
Shrek 2 Ogre Bowler from HP Media Center (remove only)
SkinsHP1 Ver: 53.0.13.000 Installed: 04/03/2006
Slingo Deluxe from HP Media Center (remove only)
Smart Menus (Windows Live Toolbar) Ver: 03.01.0072 Installed: 07/11/2006
SolutionCenter Ver: 50.0.152.000 Installed: 04/03/2006
Sonic Express Labeler Ver: 2.1.0 Installed: 23/12/2005
Sonic MyDVD Plus Ver: 6.2.0 Installed: 23/12/2005
Sonic RecordNow Audio Ver: 2.0.4 Installed: 23/12/2005
Sonic RecordNow Copy Ver: 2.0.4 Installed: 23/12/2005
Sonic RecordNow Data Ver: 2.0.4 Installed: 23/12/2005
Sonic Update Manager Ver: 3.0.0 Installed: 23/12/2005
Sonic_PrimoSDK Ver: 53.0.13.000 Installed: 04/03/2006
Spybot - Search & Destroy 1.4 Ver: 1.4
SpywareBlaster v3.5.1 Ver: 3.5.1
Status Ver: 53.0.13.000 Installed: 04/03/2006
Suite Specific Ver: 2.0.0 Installed: 11/02/2007
Super Granny from HP Media Center (remove only)
Tabbed Browsing (Windows Live Toolbar) Ver: 03.01.0072 Installed: 07/11/2006
TopStyle Lite (Version 3.0) Ver: 3.1.0
Tradewinds from HP Media Center (remove only)
TrayApp Ver: 53.0.13.000 Installed: 04/03/2006
Unload Ver: 5.0.0 Installed: 04/03/2006
Update for Windows Media Player 10 (KB910393) Installed: 09/02/2006
Update for Windows Media Player 10 (KB913800) Installed: 29/04/2006
Update for Windows Media Player 10 (KB926251) Installed: 13/12/2006
Update for Windows XP (KB894391) Ver: 1
Update for Windows XP (KB898461) Ver: 1 Installed: 08/02/2006
Update for Windows XP (KB900485) Ver: 2 Installed: 29/04/2006
Update for Windows XP (KB900930) Ver: 1
Update for Windows XP (KB904942) Ver: 2 Installed: 01/03/2006
Update for Windows XP (KB910437) Ver: 1 Installed: 09/02/2006
Update for Windows XP (KB912945) Ver: 1 Installed: 01/03/2006
Update for Windows XP (KB914882) Ver: 1 Installed: 07/01/2007
Update for Windows XP (KB916595) Ver: 1 Installed: 12/07/2006
Update for Windows XP (KB920342) Ver: 1 Installed: 17/02/2007
Update for Windows XP (KB920872) Ver: 1 Installed: 13/09/2006
Update for Windows XP (KB922582) Ver: 1 Installed: 13/09/2006
Update for Windows XP (KB925720) Ver: 1 Installed: 18/02/2007
Update for Windows XP (KB925876) Ver: 1 Installed: 17/02/2007
Update for Windows XP (KB927891) Ver: 3 Installed: 23/05/2007
Update for Windows XP (KB929338) Ver: 1 Installed: 14/03/2007
Update for Windows XP (KB930916) Ver: 1 Installed: 09/05/2007
Update for Windows XP (KB931836) Ver: 1 Installed: 16/02/2007
Update Manager Ver: 4.60 Installed: 12/07/2006
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
VBA Ver: 6.2 Installed: 11/02/2007
WebFldrs XP Ver: 9.50.7523 Installed: 30/08/2005
WebReg Ver: 53.0.13.000 Installed: 04/03/2006
Windows Communication Foundation Ver: 3.0.04506.30 Installed: 17/02/2007
Windows Defender Ver: 1.1.1593.0 Installed: 04/01/2007
Windows Genuine Advantage Notifications (KB905474) Ver: 1.7.0017.0 Installed: 30/06/2006
Windows Genuine Advantage Validation Tool (KB892130) Ver: 1.5.0530.0 Installed: 01/03/2006
Windows Imaging Component Ver: 3.0.0.0 Installed: 17/02/2007
Windows Installer 3.1 (KB893803) Ver: 3.1
Windows Internet Explorer 7 Ver: 20061027.150806 Installed: 02/11/2006
Windows Live Messenger Ver: 8.1.0178.00 Installed: 27/04/2007
Windows Live Sign-in Assistant Ver: 4.000.246.1 Installed: 10/06/2006
Windows Live Toolbar Ver: 03.01.0072
Windows Live Toolbar Ver: 03.01.0072 Installed: 07/11/2006
Windows Live Toolbar Extension (Windows Live Toolbar) Ver: 03.01.0072 Installed: 07/11/2006
Windows Media Format 11 runtime
Windows Media Format 11 runtime Installed: 05/01/2007
Windows Media Player 11
Windows Media Player 11 Installed: 05/01/2007
Windows Presentation Foundation Ver: 3.0.6920.0 Installed: 17/02/2007
Windows Workflow Foundation Ver: 3.0.4203.2 Installed: 17/02/2007
Windows XP Hotfix - KB873339 Ver: 20041117.092459
Windows XP Hotfix - KB883667 Ver: 20040812.104354
Windows XP Hotfix - KB885250 Ver: 20050118.202711
Windows XP Hotfix - KB885835 Ver: 20041027.181713
Windows XP Hotfix - KB885836 Ver: 20041028.173203
Windows XP Hotfix - KB885884 Ver: 20040924.025457
Windows XP Hotfix - KB886185 Ver: 20041021.090540
Windows XP Hotfix - KB887472 Ver: 20041014.162858
Windows XP Hotfix - KB887742 Ver: 20041103.095002
Windows XP Hotfix - KB887797 Ver: 20041018.133824
Windows XP Hotfix - KB888113 Ver: 20041116.131036
Windows XP Hotfix - KB888302 Ver: 20041207.111426
Windows XP Hotfix - KB890175 Ver: 20041201.233338
Windows XP Hotfix - KB890859 Ver: 1 Installed: 08/02/2006
Windows XP Hotfix - KB891781 Ver: 20050110.165439
Windows XP Hotfix - KB892050 Ver: 3 Installed: 23/12/2005
Windows XP Hotfix - KB893066 Ver: 1 Installed: 23/12/2005
Windows XP Media Center Edition 2005 KB925766 Installed: 05/01/2007
WinRAR archiver
WMPTagSupportExtender Ver: 1.4 Installed: 06/04/2007
XML Paper Specification Shared Components Pack 1.0 Installed: 17/02/2007
Zuma Deluxe from HP Media Center (remove only)
Post by: guestolo on May 26, 2007, 01:37:11 PM
Let's not run a scan yet
Can you do the following instead
If Shaw-Secure is bundled with a Spyware realtime protections, can you disable them for now
Also
Can you disable Windows Defender's protections also, It may interfere with any fixes we try
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.
Keep these protections disabled till we have you clean please
Afterwards
Download and save [color=\"red\"]Brute Force Uninstaller[/color] (http://\"http://www.merijn.org/files/bfu.zip\")[/b] to the desktop
- Right click the BFU folder on your desktop, and choose Extract All
- Click "Next"
- In the box to choose where to extract the files to, click "Browse"
- Click on the + sign next to "My Computer"
- Click on "Local Disk (C:) or whatever your primary drive is
- Click "Make New Folder"
- Type in BFU
- Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
Save it then transfer to the
same folder you made earlier (C:\BFU).
Go to Start > My Computer and navigate to the C:\BFU folder.
- Start the Brute Force Uninstaller by doubleclicking BFU.exe
- Next to the scriptline to execute field click the folder icon (http://metallica.geekstogo.com/foldericon.png)
and select alcanshorty.bfu - Press Execute and let it do it's job. (You ought to see a progress bar if you did this correctly.)
- Wait for the complete script execution box to pop up and press OK.
- Press exit to terminate the BFU program.
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Post back the following
1. Post the log from Combofix
2. Post a fresh hijackthis log
Post by: tmirelle on May 26, 2007, 08:42:24 PM
"Tanya Main" - 2007-05-26 18:30:48 Service Pack 2
ComboFix 07-05.26.3.V - Running from: "C:\Documents and Settings\Tanya Main\Desktop\"
/wow section - STAGE #1
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
"C:\Program Files\outerinfo\outerinfo.ico"
"C:\Program Files\outerinfo\Terms.rtf"
"C:\Program Files\outerinfo"
"C:\WINDOWS\system32\drivers\core.sys"
Purity Folders:
C:\DOCUME~1\TANYAM~1\APPLIC~1\ASEMBL~1
((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_CORE
-------\core
((((((((((((((((((((((((((((((( Files Created from 2007-04-26 to 2007-05-26 ))))))))))))))))))))))))))))))))))
2007-05-26 18:23 <DIR> d-------- C:\bintheredunthat
2007-05-26 18:18 <DIR> d-------- C:\bfu
2007-05-26 12:07 <DIR> d-------- C:\DOCUME~1\TANYAM~1\APPLIC~1\F-Secure
2007-05-26 11:04 <DIR> d-------- C:\DOCUME~1\TANYAM~1\APPLIC~1\ispnews
2007-05-26 10:58 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2007-05-26 10:58 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2007-05-26 10:58 1,716,224 --a------ C:\WINDOWS\system32\winsflte.dll
2007-05-26 10:58 1,236,992 --a------ C:\WINDOWS\system32\cfgmig32.dll
2007-05-26 10:58 1,187,840 --a------ C:\WINDOWS\system32\winsflt.dll
2007-05-26 10:58 <DIR> d-------- C:\WINDOWS\rnapxs
2007-05-26 10:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\F-Secure
2007-05-26 10:52 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.123-3875767L.exe
2007-05-26 10:52 <DIR> d-------- C:\Program Files\Shaw Secure
2007-05-25 22:37 <DIR> d-------- C:\DOCUME~1\TANYAM~1\APPLIC~1\SecondLife
2007-05-25 22:36 <DIR> d-------- C:\Program Files\SecondLife
2007-05-25 05:56 <DIR> d-------- C:\DOCUME~1\TANYAM~1\APPLIC~1\1clickPro
2007-05-25 05:50 87,608 --a------ C:\DOCUME~1\TANYAM~1\APPLIC~1\ezpinst.exe
2007-05-25 05:50 47,360 --a------ C:\DOCUME~1\TANYAM~1\APPLIC~1\pcouffin.sys
2007-05-25 05:50 <DIR> d-------- C:\Program Files\LG Software Innovations
2007-05-25 05:50 <DIR> d-------- C:\DOCUME~1\TANYAM~1\APPLIC~1\Vso
2007-05-25 05:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\1Click DVD Copy Pro
2007-05-24 23:29 <DIR> d-------- C:\Program Files\Incomplete
2007-05-24 21:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
2007-05-24 21:34 <DIR> d-------- C:\Program Files\Xilisoft
2007-05-24 20:13 60,928 --a------ C:\WINDOWS\system32\mjlpijb.dll
2007-05-24 20:13 2 --a------ C:\WINDOWS\system32\wapiisv.exe
2007-05-24 19:58 <DIR> d-------- C:\WINDOWS\system32\T6QaSQ
2007-05-24 19:58 <DIR> d-------- C:\WINDOWS\system32\T6
2007-05-24 19:58 <DIR> d-------- C:\WINDOWS\system32\T5
2007-05-24 19:58 <DIR> d-------- C:\WINDOWS\system32\T4
2007-05-24 19:58 <DIR> d-------- C:\WINDOWS\system32\T3
2007-05-24 19:58 <DIR> d-------- C:\WINDOWS\system32\pog
2007-05-24 18:23 <DIR> d-------- C:\Program Files\iTunes
2007-05-24 18:23 <DIR> d-------- C:\Program Files\iPod
2007-05-24 18:14 <DIR> d-------- C:\Program Files\Apple Software Update
2007-05-23 23:11 <DIR> d-------- C:\DOCUME~1\TANYAM~1\APPLIC~1\dvdcss
2007-05-23 23:10 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-05-23 23:10 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-05-23 19:19 <DIR> d-------- C:\maxdvd2mpeg
2007-05-09 03:07 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-04-28 11:20 <DIR> d-------- C:\DOCUME~1\TANYAM~1\APPLIC~1\GTek
2007-04-28 11:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Gtek
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-25 12:50:12 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-05-25 06:27:06 -------- d-----w C:\DOCUME~1\TANYAM~1\APPLIC~1\LimeWire
2007-05-25 03:32:15 -------- d-----w C:\DOCUME~1\TANYAM~1\APPLIC~1\Download Manager
2007-05-25 03:03:10 -------- d-----w C:\Program Files\QuickTime
2007-05-25 02:58:10 -------- d--h--w C:\Program Files\WindowsUpdate
2007-05-25 02:39:58 956 ----a-w C:\DOCUME~1\TANYAM~1\APPLIC~1\wklnhst.dat
2007-05-25 01:56:40 -------- d-----w C:\Program Files\Quicken
2007-05-25 01:17:34 -------- d-----w C:\DOCUME~1\TANYAM~1\APPLIC~1\Apple Computer
2007-05-23 23:57:28 -------- d-----w C:\DOCUME~1\TANYAM~1\APPLIC~1\Ahead
2007-04-28 21:35:07 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-04-28 18:16:25 1,693 ----a-w C:\WINDOWS\checkip.dat
2007-04-28 02:20:50 -------- d-----w C:\Program Files\MSN Messenger
2007-04-19 17:38:51 -------- d-----w C:\Program Files\7-Zip
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-14 18:25:53 -------- d-----w C:\DOCUME~1\TANYAM~1\APPLIC~1\Image Zone Express
2007-04-08 14:53:46 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-08 14:53:46 -------- d-----w C:\Program Files\Realtek
2007-04-06 15:51:56 -------- d-----w C:\Program Files\piPOol
2007-04-06 15:51:04 -------- d-----w C:\Program Files\illiminable
2007-04-01 00:45:07 -------- d-----w C:\DOCUME~1\TANYAM~1\APPLIC~1\Printer Info Cache
2007-04-01 00:37:12 -------- d-----w C:\Program Files\Common Files\SWF Studio
2007-04-01 00:36:53 -------- d-----w C:\Program Files\HP
2007-03-23 13:07:56 1,683,280 ------w C:\WINDOWS\system32\XpsSvcs.dll
2007-03-23 13:07:54 583,504 ------w C:\WINDOWS\system32\XPSSHHDR.dll
2007-03-23 03:25:02 124,928 ------w C:\WINDOWS\system32\prntvpt.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-07 06:37:07 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2006-10-15 03:32:29 56 --sh--r C:\WINDOWS\system32\D1485FA66F.sys
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 01:56]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\UTILIT~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 14:22]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-07 00:02]
{AE7CD045-E861-484f-8273-0445EE161910}=C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 02:13]
{B5001D46-D9AE-DA7B-DD7F-88ADD3BF74E5}=C:\WINDOWS\system32\mjlpijb.dll [2007-05-21 06:59]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2006-10-11 00:26]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCDrProfiler"="" []
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 13:30]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-07 10:26]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-07 10:33]
"NWEReboot"="" []
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-03-17 19:24]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 19:58]
"RTHDCPL"="RTHDCPL.EXE" []
"Alcmtr"="ALCMTR.EXE" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12]
"@"="" []
"F-Secure Manager"="C:\Program Files\Shaw Secure\Common\FSM32.exe" [2005-10-25 18:51]
"F-Secure TNB"="C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" [2005-07-18 07:51]
"F-Secure Startup Wizard"="C:\Program Files\Shaw Secure\FSGUI\FSSW.exe" [2005-10-18 01:29]
"News Service"="C:\Program Files\Shaw Secure\FSGUI\ispnews.exe" [2005-05-31 05:45]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-23 16:28]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-08 11:06]
"Store 'n' Go"="C:\Documents and Settings\Tanya Main\Application Data\Verbatim Software\V-Key.exe" [2006-02-17 19:42]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 22:00]
"Rqwqqe"="C:\Documents and Settings\Tanya Main\Application Data\a?sembly\winlogon.exe" []
"Scbu"="C:\DOCUME~1\TANYAM~1\MYDOCU~1\DOBE~1\winlogon.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"WUAppSetup"=C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 10.5.0.1091
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abfc1d5a-9a0c-11da-a553-0015f2a396f9}]
AutoRun\command- K:\ReportNet.exe
~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
backup-20060504-215323-767
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop (http://\"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q106&bd=pavilion&pf=desktop\")
backup-20060504-215323-673
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop (http://\"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q106&bd=pavilion&pf=desktop\")
backup-20060504-215323-589
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop (http://\"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q106&bd=pavilion&pf=desktop\")
backup-20060504-215323-856
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop (http://\"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=desktop\")
backup-20060504-215323-581
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop (http://\"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=desktop\")
backup-20060504-215323-498
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop (http://\"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q106&bd=pavilion&pf=desktop\")
backup-20060504-215323-278
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop (http://\"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=desktop\")
Contents of the 'Scheduled Tasks' folder
2007-05-25 01:14:43 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-05-27 00:47:00 C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
2007-04-08 23:51:04 C:\WINDOWS\tasks\MP Scheduled Quick Scan.job
2007-05-26 18:04:34 C:\WINDOWS\tasks\MP Scheduled Scan.job
********************************************************************
catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net (http://\"http://www.gmer.net\")
Rootkit scan 2007-05-26 18:36:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
********************************************************************
Completion time: 2007-05-26 18:38:14 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-26 18:38
--- E O F ---
hijack:
Logfile of HijackThis v1.99.1
Scan saved at 6:41:46 PM, on 26/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\lvcomsx.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\Shaw Secure\FSGUI\ispnews.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Documents and Settings\Tanya Main\Application Data\Verbatim Software\V-Key.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tanya Main\My Documents\My Downloads\utilities\tanya.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677 (http://\"http://go.microsoft.com/fwlink/?linkid=677\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR (http://\"http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR\")
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\UTILIT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B5001D46-D9AE-DA7B-DD7F-88ADD3BF74E5} - C:\WINDOWS\system32\mjlpijb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Shaw Secure\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Store 'n' Go] C:\Documents and Settings\Tanya Main\Application Data\Verbatim Software\V-Key.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rqwqqe] "C:\Documents and Settings\Tanya Main\Application Data\a?sembly\winlogon.exe"
O4 - HKCU\..\Run: [Scbu] "C:\DOCUME~1\TANYAM~1\MYDOCU~1\DOBE~1\winlogon.exe" -vt ndrv
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = ?
O4 - Global Startup: Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?8cfca51a4ed045639d7b6bc063b7d9c1
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?8cfca51a4ed045639d7b6bc063b7d9c1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Send to OneNote - {6EB2AA45-3F30-40e1-9864-45EB153C6EDC} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: (no name) - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Send to OneNote Settings - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB (http://\"https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB\")
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.0.cab (http://\"http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.0.cab\")
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab (http://\"https://support.microsoft.com/OAS/ActiveX/odc.cab\")
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab (http://\"http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab\")
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (http://\"http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1145485701574 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145485701574\")
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab (http://\"http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab\")
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc. - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Post by: guestolo on May 26, 2007, 09:29:31 PM
A couple files I don't recognize
I'm sure one is bad
But let's make sure
Set Windows To Show Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.
Can you go to either of these links
http://virusscan.jotti.org/ (http://\"http://virusscan.jotti.org/\")
OR
http://www.virustotal.com/flash/index_en.html (http://\"http://www.virustotal.com/flash/index_en.html\")
Use the browse button and navigate to the file on your harddrive
C:\WINDOWS\system32\mjlpijb.dll <-this file
Right click on the file, and choose Select>>or double click on it
Then use the Submit button
Let it finish scanning
Could you post back the results of the scan back here please
Do the same thing with the next ones too
C:\WINDOWS\system32\D1485FA66F.sys <-this file
This file appears to be on a USB flashdrive possibly
Is that your K: drive?
Can you connect and scan it too please
K:\ReportNet.exe <-this file
Post back the results of all three if found, then we'll try to finish the cleaning steps
Keep me informed how things are running please
NOTE: We still have some entries to remove in Hijackthis, but can I see those scans first please
Post by: tmirelle on May 27, 2007, 01:21:37 PM
Scan taken on 27 May 2007 18:11:40 (GMT)
A-Squared Found nothing
AntiVir Found ADSPY/PurityScan.AK.174
ArcaVir Found Adware.Purityscan.Ak
Avast Found Win32:Agent-RY
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found not-a-virus:AdWare.Win32.PurityScan.ak (4, 1, 400)
Fortinet Found Adware/Purityscan
Kaspersky Anti-Virus Found not-a-virus:AdWare.Win32.PurityScan.ak
NOD32 Found probably a variant of Win32/Adware.PurityScan application (probable variant)
Norman Virus Control Found W32/PurityScan.dam
Panda Antivirus Found nothing
Rising Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found AdWare.Win32.PurityScan.ak
D1485FA66F.sys:
Scan taken on 27 May 2007 18:14:41 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
My data stick usually connects on M:
My Computer doesn't list a drive K, & my data stick is not attached right now.
Post by: guestolo on May 27, 2007, 03:15:17 PM
[color=\"blue\"]Updating Java:[/color]
- Download the latest version of Java(tm) SE Runtime Environment 6 Update 1 (http://\"http://www.java.com/en/download/manual.jsp\").
- Select the Offline Download
- Click on the [color=\"#4169E1\"]Windows XP/Vista/2000/2003 Offline[/color] * filesize: 13.16 MB and save it too desktop
- Close any programs you may have running - especially any web browsers.
- Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java versions.
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
Don't install the new version yet
Do a "System scan only" with Hijackthis and put a check next to these entries:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B5001D46-D9AE-DA7B-DD7F-88ADD3BF74E5} - C:\WINDOWS\system32\mjlpijb.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [Rqwqqe] "C:\Documents and Settings\Tanya Main\Application Data\a?sembly\winlogon.exe"
O4 - HKCU\..\Run: [Scbu] "C:\DOCUME~1\TANYAM~1\MYDOCU~1\DOBE~1\winlogon.exe" -vt ndrv
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot your computer
Back in Windows
Can you ensure this file is gone, if not delete it
C:\WINDOWS\system32\mjlpijb.dll <-file
Install the latest version of Java from the installer on desktop
Post a fresh hijackthis log afterwards and let me know how things are running
===================================================
Also, Could you also,
go here:
http://www.billsway.com/vbspage/ (http://\"http://www.billsway.com/vbspage/\")
Scroll down the page
and download the "Registry Search Tool"
Unzip RegSrch.zip to the desktop
Double click on RegSrch.vbs
**If you get a warning from your Anti Virus please ignore it and allow this to run.**
When it starts, you will be prompted to enter a search phrase.
Enter this:
ReportNet.exe
Click OK, it will disappear and won't look as if it's doing anything. When it's done searching, a prompt will come up saying how many instances it found. Click OK, and a notepad will open up. Please copy the contents of that notepad and paste it here.
Post by: tmirelle on May 27, 2007, 11:21:57 PM
Back in Windows
Can you ensure this file is gone, if not delete it
C:\WINDOWS\system32\mjlpijb.dll <-file
Get an error saying access denied.. file protected or in use
Post by: guestolo on May 27, 2007, 11:27:12 PM
- Save it to your desktop.
- Please double-click OTMoveIt.exe to run it.
- Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):
================================================
C:\WINDOWS\system32\mjlpijb.dll
====================================================== - Return to OTMoveIt, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
- Click the red "[color=\"red\"]MoveIt![/color]" button.
- Close OTMoveIt.
OTMoveIt will create a log here
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log
Where mmddyyyy_hhmmss is the date of the tool run.
Can you post that log please
as well as the results from Regsrch.vbs
Keep me informed how things are running
Post by: tmirelle on May 28, 2007, 09:49:17 AM
C:\WINDOWS\system32\mjlpijb.dll unregistered successfully.
C:\WINDOWS\system32\mjlpijb.dll moved successfully.
Created on 05/28/2007 07:41:54
hijack:
Logfile of HijackThis v1.99.1
Scan saved at 7:44:48 AM, on 28/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\WINDOWS\system32\lvcomsx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\Shaw Secure\FSGUI\ispnews.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Documents and Settings\Tanya Main\Application Data\Verbatim Software\V-Key.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Tanya Main\My Documents\My Downloads\utilities\tanya.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677 (http://\"http://go.microsoft.com/fwlink/?linkid=677\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR (http://\"http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR\")
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\UTILIT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Shaw Secure\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Store 'n' Go] C:\Documents and Settings\Tanya Main\Application Data\Verbatim Software\V-Key.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = ?
O4 - Global Startup: Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?8cfca51a4ed045639d7b6bc063b7d9c1
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?8cfca51a4ed045639d7b6bc063b7d9c1
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Send to OneNote - {6EB2AA45-3F30-40e1-9864-45EB153C6EDC} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: (no name) - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Send to OneNote Settings - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB (http://\"https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB\")
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.0.cab (http://\"http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.0.cab\")
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab (http://\"https://support.microsoft.com/OAS/ActiveX/odc.cab\")
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab (http://\"http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab\")
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (http://\"http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1145485701574 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145485701574\")
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab (http://\"http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab\")
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc. - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Reg search:
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "ReportNet.exe" 28/05/2007 7:46:22 AM
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_USERS\S-1-5-21-3533601506-3101236516-4215187451-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abfc1d5a-9a0c-11da-a553-0015f2a396f9}\Shell\AutoRun\command]
@="K:\\ReportNet.exe"
[HKEY_USERS\S-1-5-21-3533601506-3101236516-4215187451-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abfc1d5a-9a0c-11da-a553-0015f2a396f9}\_Autorun\DefaultIcon]
@="K:\\ReportNet.exe"
Thx
Post by: guestolo on May 30, 2007, 10:57:10 PM
That looks ok
Can I have you do the following, let's add a few more folders to removal
- double-click
- Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):
================================================
C:\WINDOWS\system32\T6QaSQ
C:\WINDOWS\system32\T6
C:\WINDOWS\system32\T5
C:\WINDOWS\system32\T4
C:\WINDOWS\system32\T3
C:\WINDOWS\system32\pog
====================================================== - Return to OTMoveIt, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
- Click the red "[color=\"red\"]MoveIt![/color]" button.
- Close OTMoveIt.
OTMoveIt will create a log here
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log
Where mmddyyyy_hhmmss is the date of the tool run.
Can you post that log please
Also, one last hijackthis log
Tanya, keep me informed how things are running please
Post by: tmirelle on May 30, 2007, 11:05:31 PM
File/Folder :\WINDOWS\system32\T6QaSQ not found.
C:\WINDOWS\system32\T6 moved successfully.
C:\WINDOWS\system32\T5 moved successfully.
C:\WINDOWS\system32\T4 moved successfully.
C:\WINDOWS\system32\T3 moved successfully.
C:\WINDOWS\system32\pog moved successfully.
Created on 05/30/2007 21:02:20
Hijack:
Logfile of HijackThis v1.99.1
Scan saved at 9:04:08 PM, on 30/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\lvcomsx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\Shaw Secure\FSGUI\ispnews.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\WINDOWS\explorer.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Documents and Settings\Tanya Main\Desktop\Techguide\OTMoveIt.exe
C:\Documents and Settings\Tanya Main\My Documents\My Downloads\utilities\tanya.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677 (http://\"http://go.microsoft.com/fwlink/?linkid=677\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR (http://\"http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR\")
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\UTILIT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Shaw Secure\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Store 'n' Go] C:\Documents and Settings\Tanya Main\Application Data\Verbatim Software\V-Key.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = ?
O4 - Global Startup: Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?8cfca51a4ed045639d7b6bc063b7d9c1
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?8cfca51a4ed045639d7b6bc063b7d9c1
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Send to OneNote - {6EB2AA45-3F30-40e1-9864-45EB153C6EDC} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: (no name) - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Send to OneNote Settings - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB (http://\"https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB\")
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.0.cab (http://\"http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.0.cab\")
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab (http://\"https://support.microsoft.com/OAS/ActiveX/odc.cab\")
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab (http://\"http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab\")
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (http://\"http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1145485701574 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145485701574\")
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab (http://\"http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab\")
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc. - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
Thnx, I'll owe you one at the coyote sometime.........
Seems to be running OK, haven't noticed that popup (my original complaint)
How can I stop this crap from getting on my PC in the first place?
T
Post by: guestolo on May 30, 2007, 11:24:01 PM
Quote
How can I stop this crap from getting on my PC in the first place?
This is where I get to preach to you
/biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' /> keep SpywareBlaster updated
Also, utilize Immunize function in Spybot
After every update, click the Immunize button>>OK>>Immunize at the top green cross
Careful with what you download with any filesharing program you have
After you download a file(s)
Before you open them Right click on them and Scan them with your Antivirus software
And ensure your AV is always up to date
I think when you first posted your log, you didn't have no AV installed
That's not a good idea having no AV these days
I had Shaw secure installed at one time, but haven't reinstalled since I formatted
Do you like it?
Any slowdowns in the system from it?
I just noticed a bit of a delay on startup when I had it, but after it fully loaded, everything was fine
Post by: guestolo on May 30, 2007, 11:31:47 PM
Reset Windows to Hide hidden files and folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Do Not Show hidden files and folders.
* Check the Hide protected operating system files (recommended) option.
* Click OK.